Malware Apps On Google Play Added Devices To A Botnet, Proving Google Is Still Terrible At Reviewing Apps
Malware has been a persistent problem of Google's proprietary Play Store for quite a while, so much so that it's almost laughable compared with the App Store, which, thanks to Apple's highly strict review and monitoring system, rarely has any problems with malware.
Sure, some malicious apps still manage to slip past Apple's tightly run app review process once in a while, but the Play Store, by comparison, has had far worse luck with apps of this nature. When that happens, it raises several questions about Google's review process: What seems to be the problem? Why are some malware-infected apps still getting through?
No one knows for sure. With that in mind, reports now say it's happened again. Security researchers at Symantec recently discovered that a total of eight apps from Google's marketplace secretly added devices to a botnet. These apps functioned as fronts for a "new and highly prevalent type of Android malware" named Android.Sockbot.
Google Play Apps Connected Devices To A Botnet
Google has since removed the apps in question, but apparently not quickly enough. They were downloaded and installed on up to 2.6 million devices prior to the shutdown, which should not have happened in the first place had Google detected them early on in the review process.
Disguised as Minecraft skins for Minecraft: Pocket Edition, the apps contained camouflaged Android.Sockbot malware, which connects devices to servers controlled by the developers. On Wednesday, Oct. 19, Symantec said in a blog post that the apps mostly targeted mobile users in the United States, but the malware can be found in several European countries as well.
While the apps did offer Minecraft users the skins they wanted, something suspicious occurred under the hood. They connected the devices to a command-and-control server that repeatedly pulled in requests to connect the devices to an ad server. But the odd thing, according to Symantec, was that the apps didn't actually have any functionality to display ads, which meant that those servers might have just been a ploy to force the devices to participate in a slew of malicious activities.
Google's Questionable Review Process For Apps
How these apps ended up in Google Play undetected is still uncertain. As Ars Technica notes, this is yet more proof that Google is unable to properly filter out malicious apps and is poor at detecting bogus ones before allowing them to be downloaded by practically everyone. In a previous incident just this past August, Google Play shut down three messaging apps after discovering that they could secretly download photos, record audio, and retrieve call logs.
Until Google improves its seemingly impaired review process for apps, it's probably best not to download anything willy-nilly, especially apps that look suspicious.